package com.hbzhit.common.xss;

import cn.hutool.core.util.StrUtil;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * XSS过滤
 *
 * @author Mark sunlightcs@gmail.com
 */
public class XssFilter implements Filter {
	/**
	 * 排除链接
	 */
	private List<String> excludes = new ArrayList<>();

	/**
	 * xss过滤开关
	 */
	private boolean enabled = false;

	@Override
	public void init(FilterConfig config) throws ServletException {
		String tempExcludes = config.getInitParameter("excludes");
		String tempEnabled = config.getInitParameter("enabled");
		if (StrUtil.isNotEmpty(tempExcludes)) {
			String[] url = tempExcludes.split(",");
			Collections.addAll(excludes, url);
		}
		if (StrUtil.isNotEmpty(tempEnabled)) {
			enabled = Boolean.valueOf(tempEnabled);
		}
	}

	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
		HttpServletRequest req = (HttpServletRequest) request;
		if (handleExcludeUrl(req)){
			chain.doFilter(request, response);
			return;
		}
		XssHttpServletRequestWrapper xssRequest = new XssHttpServletRequestWrapper(
				(HttpServletRequest) request);
		chain.doFilter(xssRequest, response);
	}

	@Override
	public void destroy() {
	}

	/**
	 * 判断当前路径是否需要过滤
	 */
	private boolean handleExcludeUrl(HttpServletRequest request) {
		if (!enabled) {
			return true;
		}
		if (excludes == null || excludes.isEmpty()) {
			return false;
		}
		String url = request.getServletPath();
		for (String pattern : excludes) {
			Pattern p = Pattern.compile("^" + pattern);
			Matcher m = p.matcher(url);
			if (m.find()) {
				return true;
			}
		}
		return false;
	}

}
